Author Topic: (not exactly) external network and samba access  (Read 2539 times)

kokodin

  • Zen Apprentice
  • *
  • Posts: 42
  • Karma: +0/-0
« on: October 21, 2013, 10:22:13 am »
Kind of a stupid problem.
From what I read, the Samba configuration in Zentyal is something like "automatically generated samba.conf on every change or startup", so manually enabling external access to Samba shares is out of the question. The problem is that in my school there are many teachers' computers which are not connected under my internal network. They are in the higher-level school network alongside the server's "external" address, but I would like to allow them to access a specific share, whether they are in their classrooms, the computer room, the staff room or whatever place in school, using an authorized user account.
I was thinking about taking the "external WAN" tag off my eth0 or adding another card under the same network, but that could be problematic.
Is there any legitimate way of giving access to Samba from an external network in Zentyal 3.0?

christian

  • Guest
« Reply #1 on: October 21, 2013, 10:27:59 am »
Is your Zentyal server really connecting to the internet or an "unsafe" network via this secondary NIC?
If yes, I would suggest a VPN for external users or, if these users are accessing from a network that is under control, a site-to-site VPN.

kokodin

« Reply #2 on: October 23, 2013, 08:58:26 am »
OK, I have read through the Zentyal documentation about installing the VPN service, but one thing is still a little blurry to me: creating the bundle installer for Windows and its external IP address.
What address should I use in a situation where all VPN clients would be on the same network level as the external network adapter of the server?
Example:
internet ip 78.89.x.x(modem)>>(router firewall internal ip 192.168.x.x)>>{[(zentyal external ip 192.168.x.x, internal ip 192.168.v.v)>>(server clients ip 192.168.v.v)] (vpn clients ip 192.168.x.x) (other subnetwork routers ip 192.168.x.x)}
The VPN clients are only in the orange root internal network of the school and they all need to access one share as an exchange drive; this drive should also be visible from the Zentyal internal network.

christian

« Reply #3 on: October 23, 2013, 09:31:22 am »
Sorry, I read your post again and again but I don't understand what you mean. It is not clear to me.
It looks like you want to establish a VPN for internal users? Is that correct?

kokodin

« Reply #4 on: October 23, 2013, 10:45:03 am »
I'm kind of bad at explaining things, sorry. Especially in English.
I have one big network that connects everything in the school (orange). It was made by someone else and I have no resources to change it. In this network are workstations, one in every classroom. Those are teacher computers, not in a domain (some of them can't be even if I want them to be) and connected to the internet via the root network and router.
There are also 3 computer science classrooms, and those are connected to their domain controllers (2 to Zentyal and one to SBS2003).
I want to make a teacher share disk for every teacher computer in the school in order to reduce pendrive use and the loss of important files that those people are capable of.
Zentyal or any other computer with share capability could do that, but my server works 24/7, so I chose it. The problem is that I do not know if I can share internet from an internal network to another internal network using Zentyal.
It was done by the previous Win2000 server, which died last year.
I added an attachment with all of it:
orange root network, green signed computers and light green Zentyal network, but it may make less sense than anything.

christian

« Reply #5 on: October 23, 2013, 11:13:12 am »
I do appreciate that you have spent time explaining and providing a drawing, although this is not yet clear to me due to your comments about domains (Zentyal and non-Zentyal).
I've no idea about what can be done in terms of trust relationships between Zentyal and non-Zentyal Windows domains. This is not yet clear to me, plus I understand you have devices not able to join any domain.

In such a case, why don't you deploy an HTTP-based solution like OwnCloud on Zentyal that will permit any authorized user to access an OwnCloud share from his browser and upload/download files?

kokodin

« Reply #6 on: October 23, 2013, 11:48:54 am »
All computers in the darker green areas are teachers' computers. Most of those PCs are 5-10 years old and mostly cheaper home Windows editions (XP and Win 7). Teachers are kind of dumb with computers and they can destroy the front panel to plug in their pendrives in classrooms other than theirs, so I think that a mapped network drive on every computer in the school under the same letter is the only idiot-proof solution. I would like to avoid things that they do not know, because it is much more footwork for me if something "is not working" as they think.
I was thinking about an external hard drive plugged into the root network, but it was too expensive a solution for my school.
The problem is that the Windows 2000 server was using 2 internal network adapters and was able to route internet to domain users from one of those adapters.
The Zentyal server is more restricted: it routes internet from the external adapter (I understand that only from external adapters) and Samba works only on internal networks.
I want to access Samba on the external network adapter (for the Zentyal server), which is actually my root network for the other computers.

astana

  • Zen Warrior
  • ***
  • Posts: 128
  • Karma: +10/-0
« Reply #7 on: October 23, 2013, 04:19:28 pm »
I'm not sure I understand this 100%, but then networks are complicated beasts, especially someone else's.

My 1st question is: Is Zentyal your gateway? Looking at the diagram, that didn't appear to be the case.
Can you add more NICs to your Zentyal box to route all the different networks, allowing all those subnets to talk to each other?

I don't see any 'external' network except for the internet entrance at the top left of your diagram. I do see lots of subnets, which I assume is where your problem lies.

kokodin

« Reply #8 on: October 24, 2013, 08:54:19 am »
It is complicated, because every computer in the classrooms was bought separately and without any supervision, because up to that point nobody was responsible for managing or designing a working network.
With the computer science rooms, we have 3 and a half of those, and all of them were simply "fit as it is" because all of them were received from the Ministry of Education, mostly designed to work as a single network in a school. So that means one internal network and a LAN cable to the outside. And the servers are doing the job of account storage area and internet gateway with restricted access for users of that classroom network. In my picture every "sala" should translate to "classroom" and the grey borders are in fact a representation of walls.

I enabled "external network" in Zentyal for one adapter because of my lack of understanding of routing tables in Linux systems. If you say it will work as an internet gateway even if that interface is not external, then the problem will disappear on its own.
« Last Edit: October 24, 2013, 08:58:48 am by kokodin »

christian

« Reply #9 on: October 24, 2013, 09:03:22 am »
The point is that "reading" your drawing is very difficult. I did print it and still can't figure out how it works.
This is not a matter of wording or language (this is pretty self-explanatory, at least for a French guy ;))
This is more a physical representation than a logical one.
I'm not able to distinguish between routers and switches.

My current understanding is that Zentyal controls classrooms 20 and 24. Is that correct?

astana

« Reply #10 on: October 24, 2013, 09:27:44 am »
Quote
It is complicated, because every computer in the classrooms was bought separately and without any supervision, because up to that point nobody was responsible for managing or designing a working network.
With the computer science rooms, we have 3 and a half of those, and all of them were simply "fit as it is" because all of them were received from the Ministry of Education, mostly designed to work as a single network in a school. So that means one internal network and a LAN cable to the outside. And the servers are doing the job of account storage area and internet gateway with restricted access for users of that classroom network. In my picture every "sala" should translate to "classroom" and the grey borders are in fact a representation of walls.

I enabled "external network" in Zentyal for one adapter because of my lack of understanding of routing tables in Linux systems. If you say it will work as an internet gateway even if that interface is not external, then the problem will disappear on its own.

It will not act as a gateway if it's marked as internal. It should only be marked as external if it's physically connected to your internet access.

As far as I can tell though you still only have described an internal network, unless you route through a public IP address between buildings!
Can you answer the following question: Is your Zentyal box responsible for receiving and routing all traffic from the internet?

christian

« Reply #11 on: October 24, 2013, 09:38:17 am »
Quote
Can you answer the following question: Is your Zentyal box responsible for receiving and routing all traffic from the internet?

This part is pretty clear on the provided drawing:
Zentyal is somewhere in the middle of the LAN, connecting to the Internet via multiple switches and routers (wicedyrektor, airlive2) on one side and, from what I can guess, connecting classrooms 20 & 24 on the other side.
All other devices have "direct" access to the internet and can't be under Zentyal's control.

However, I don't think this is what this user wants to achieve. Unless I'm wrong, his goal is to allow file sharing between devices and users that are not part of the same domain or not even part of any domain. What I don't understand is whether this is linked to internet access or not.

kokodin

« Reply #12 on: October 24, 2013, 09:47:58 am »
Quote
The point is that "reading" your drawing is very difficult. I did print it and still can't figure out how it works.
This is not a matter of wording or language (this is pretty self-explanatory, at least for a French guy ;))
This is more a physical representation than a logical one.
I'm not able to distinguish between routers and switches.

My current understanding is that Zentyal controls classrooms 20 and 24. Is that correct?

As crazy as it looks, that is correct. Zentyal controls classroom 20 (XP workstation) and 24 (Vista, cable going through classrooms 20 to 19 and back to 24), and also 3 computers in the library (XP). I have drawn colored lines for every network to make it more readable. In reality it is a black and white picture, and for recognizing the ends I numbered every Ethernet socket in the school. but at last it is, because when I started to work here, there was no documentation at all.

Quote
As far as I can tell though you still only have described an internal network, unless you route through a public IP address between buildings!
Can you answer the following question: Is your Zentyal box responsible for receiving and routing all traffic from the internet?

I'll go with IPs:
Router airlive2 is my gateway and DHCP server for the orange network 192.168.2.0.
The Zentyal box is configured as server for the internal network for classrooms 20 and 24 and the library, 192.168.20.0, and has "external" set on the other Ethernet adapter, which is also set as gateway to my airlive2 router; in Zentyal the IP is 192.168.2.x and the router IP is 192.168.2.y. All in one building, and I would like to block non-standard ports for classrooms 20 and 24 to ban online gaming during classes.